5

CVE-2015-4651

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version1.12.0
WiresharkWireshark Version1.12.1
WiresharkWireshark Version1.12.2
WiresharkWireshark Version1.12.3
WiresharkWireshark Version1.12.4
WiresharkWireshark Version1.12.5
DebianDebian Linux Version8.0
OracleSolaris Version11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.53% 0.877
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
https://security.gentoo.org/glsa/201510-03
http://lists.opensuse.org/opensuse-updates/2015-07/msg00020.html
http://www.debian.org/security/2015/dsa-3294
Third Party Advisory
http://www.securityfocus.com/bid/75317
http://www.securitytracker.com/id/1032662
http://www.wireshark.org/security/wnpa-sec-2015-19.html
Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11153
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=524ed1df6e6126cd63ba419ccb82c83636d77ee4